
Security Advisory Moderate: gc security update

Advisory: RHSA-2013:1500-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-11-04
Last updated on: 2013-11-04
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-2673

Details

Updated gc packages that fix one security issue are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++.

It was discovered that gc's implementation of the malloc() and calloc()
routines did not properly perform parameter sanitization when allocating
memory. If an application using gc did not implement application-level
validity checks for the malloc() and calloc() routines, a remote attacker
could provide specially crafted application-specific input, which, when
processed by the application, could lead to an application crash or,
potentially, arbitrary code execution with the privileges of the user
running the application. (CVE-2012-2673)
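
The kind of application-level validity check the paragraph above refers to, as an added example (not Red Hat's or the gc project's code): it compares the wrapped size an unsanitized calloc() computes with a checked version that refuses the request. `GRANULE`, `unchecked_total`, `checked_total` and `safe_calloc` are hypothetical names, and the standard malloc() stands in for the collector's allocator so the code runs without libgc.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocation granule, used only to model size rounding. */
#define GRANULE 16u

/* What an unsanitized calloc() computes: the product silently wraps. */
size_t unchecked_total(size_t n, size_t size) { return n * size; }

/* Stores n*size rounded up to GRANULE in *out and returns 1,
 * or returns 0 if the multiplication or the rounding would wrap. */
int checked_total(size_t n, size_t size, size_t *out)
{
    if (size != 0 && n > SIZE_MAX / size)
        return 0;                          /* n * size exceeds SIZE_MAX */
    size_t bytes = n * size;
    if (bytes > SIZE_MAX - (GRANULE - 1))
        return 0;                          /* round-up exceeds SIZE_MAX */
    *out = (bytes + (GRANULE - 1)) & ~(size_t)(GRANULE - 1);
    return 1;
}

/* Application-level validity check: refuse rather than under-allocate.
 * malloc() is a stand-in for the collector's allocator (assumption). */
void *safe_calloc(size_t n, size_t size)
{
    size_t total;
    if (!checked_total(n, size, &total))
        return NULL;
    if (total == 0)
        total = GRANULE;                   /* avoid a zero-byte request */
    void *p = malloc(total);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    size_t n = SIZE_MAX / 4 + 2;           /* constructed element count */
    printf("unchecked: %zu bytes for %zu 4-byte elements\n",
           unchecked_total(n, 4), n);
    printf("safe_calloc: %s\n", safe_calloc(n, 4) ? "allocated" : "refused");
    return 0;
}
```

A caller that trusted the unchecked product would receive a 4-byte buffer for an element count in the billions or more, which is why the check has to happen before the allocator is called.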

Users of gc are advised to upgrade to these updated packages, which contain
backported patches to correct this issue. Applications using gc must be
restarted for the update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
gc-7.1-12.el6_4.src.rpm

IA-32:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.i686.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
gc-7.1-12.el6_4.src.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
gc-7.1-12.el6_4.src.rpm

IA-32:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.i686.rpm

PPC:
gc-7.1-12.el6_4.ppc.rpm
gc-7.1-12.el6_4.ppc64.rpm
gc-debuginfo-7.1-12.el6_4.ppc.rpm
gc-debuginfo-7.1-12.el6_4.ppc64.rpm
gc-devel-7.1-12.el6_4.ppc.rpm
gc-devel-7.1-12.el6_4.ppc64.rpm

s390x:
gc-7.1-12.el6_4.s390.rpm
gc-7.1-12.el6_4.s390x.rpm
gc-debuginfo-7.1-12.el6_4.s390.rpm
gc-debuginfo-7.1-12.el6_4.s390x.rpm
gc-devel-7.1-12.el6_4.s390.rpm
gc-devel-7.1-12.el6_4.s390x.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm
 
Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
gc-7.1-12.el6_4.src.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm
 
Red Hat Enterprise Linux Server EUS (v. 6.4.z)

SRPMS:
gc-7.1-12.el6_4.src.rpm

IA-32:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.i686.rpm

PPC:
gc-7.1-12.el6_4.ppc.rpm
gc-7.1-12.el6_4.ppc64.rpm
gc-debuginfo-7.1-12.el6_4.ppc.rpm
gc-debuginfo-7.1-12.el6_4.ppc64.rpm
gc-devel-7.1-12.el6_4.ppc.rpm
gc-devel-7.1-12.el6_4.ppc64.rpm

s390x:
gc-7.1-12.el6_4.s390.rpm
gc-7.1-12.el6_4.s390x.rpm
gc-debuginfo-7.1-12.el6_4.s390.rpm
gc-debuginfo-7.1-12.el6_4.s390x.rpm
gc-devel-7.1-12.el6_4.s390.rpm
gc-devel-7.1-12.el6_4.s390x.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
gc-7.1-12.el6_4.src.rpm

IA-32:
gc-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.i686.rpm

x86_64:
gc-7.1-12.el6_4.i686.rpm
gc-7.1-12.el6_4.x86_64.rpm
gc-debuginfo-7.1-12.el6_4.i686.rpm
gc-debuginfo-7.1-12.el6_4.x86_64.rpm
gc-devel-7.1-12.el6_4.i686.rpm
gc-devel-7.1-12.el6_4.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

828878 - CVE-2012-2673 gc: malloc() and calloc() overflows


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/